package lumis.portal.service.acl;

import lumis.portal.*;
import lumis.portal.service.*;
import lumis.portal.acl.PortalPermissions;
import lumis.portal.authentication.SessionConfig;
import lumis.portal.dao.*;
import lumis.portal.manager.*;
import lumis.util.*;
import lumis.util.security.acl.*;

/**
 * 
 * @version $Revision: 8949 $ $Date: 2008-03-03 15:23:30 -0300 (Mon, 03 Mar 2008) $
 * @since 4.0.0
 */
public class ServiceAclManager extends AclManager implements IServiceAclManager
{
	public String add(SessionConfig sessionConfig, ServiceConfig serviceConfig, ITransaction transaction) throws ManagerException, PortalException
	{
		if (!ManagerFactory.getPortalAclManager().checkPermission(sessionConfig, PortalPermissions.MANAGE_SERVICE_SECURITY, transaction))
			throw new AccessDeniedException();

		// create new acl
		AccessControlList parentAcl = ManagerFactory.getPortalAclManager().get(sessionConfig, transaction);
		String aclId = super.add(parentAcl, ServicePermissions.getInheritPermissionsMap(), ServicePermissions.getImplies(), transaction);

		serviceConfig.setAccessControlListId(aclId);

		return aclId;
	}

	public AccessControlList get(SessionConfig sessionConfig, String serviceId, ITransaction transaction) throws ManagerException, PortalException
	{
		return getAclInternal(sessionConfig, serviceId, transaction);
	}

	public void update(SessionConfig sessionConfig, String serviceId, AccessControlList acl, ITransaction transaction) throws ManagerException, PortalException
	{
		if (!checkPermission(sessionConfig, serviceId, ServicePermissions.MANAGE_SERVICE_SECURITY, transaction))
			throw new AccessDeniedException();

		ServiceConfig serviceConfig = ManagerFactory.getServiceManager().get(sessionConfig, serviceId, transaction);
		String serviceAcl = serviceConfig.getAccessControlListId();
		if (!serviceAcl.equals(acl.getId()))
			throw new PortalException("STR_INVALID_ACCESS_CONTROL_LIST");

		// force implied permissions
		acl.setImpliedPermissions(ServicePermissions.getImplies());

		super.update(acl, transaction);
	}

	protected AccessControlList getAclInternal(SessionConfig sessionConfig, String serviceId, ITransaction transaction) throws ManagerException, PortalException
	{
		ServiceConfig serviceConfig = ManagerFactory.getServiceManager().get(sessionConfig, serviceId, transaction);
		AccessControlList acl = aclCache.get(serviceConfig.getAccessControlListId());
		if (acl == null)
		{
			acl = DaoFactory.getAccessControlDao().get(serviceConfig.getAccessControlListId(), transaction);

			if (acl.isInheriting())
			{
				AccessControlList parentAcl = ManagerFactory.getPortalAclManager().get(sessionConfig, transaction);
				acl.inherit(parentAcl, ServicePermissions.getInheritPermissionsMap());
			}

			acl.setImpliedPermissions(ServicePermissions.getImplies());

			aclCache.put(serviceId, acl);
		}

		return acl;
	}

	protected int getRequiredPermissions() throws PortalException
	{
		return ServicePermissions.getRequiredPermissions();
	}
}
